>On Mon, Jun 13, 2011 at 12:45 PM, Joel Esler <jesler@sourcefire.com> wrote:
> On Jun 13, 2011, at 12:13 PM, Russ Combs wrote:
>>
>> Does the HTTP, SMTP, etc. logging take place in its own thread, or
>> does it block the detection thread?
>
> No - logging is in the main thread
>
> It is included in the unified2 output file, use the u2spewfoo tool included
> with Snort to see this.
> Barnyard2 developers (Snorby et al.), if they want to include this output
> in their tools, will have to update to handle this new output.
> Joel
Barnyard2 currently does not log any of those Unified2ExtraDataHdr.
But it will be able to process files where Unified2ExtraDataHdr are present.
A consensus has to be reached between frontend developers to determine how they
would like to have Unified2ExtraDataHdr data stored in their datastore.
-elz